DOI QR코드

DOI QR Code

A Design and Development of Secure-Coding Check System Based on E-Government Standard Framework for Convergence E-Government Service

융복합 전자정부 서비스를 위한 전자정부 표준프레임워크 기반 시큐어코딩 점검 시스템 설계 및 개발

  • Kim, Hyungjoo (Department of Computer Science, Soongsil University) ;
  • Kang, Jungho (Department of Computer Science, Soongsil University) ;
  • Kim, Kyounghun (Department of Computer Information, Gangdong University) ;
  • Lee, Jaeseung (Department of Computer Science, Soongsil University) ;
  • Jun, Moonseog (Department of Computer Science, Soongsil University)
  • 김형주 (숭실대학교 컴퓨터학과) ;
  • 강정호 (숭실대학교 컴퓨터학과) ;
  • 김경훈 (강동대학교 컴퓨터정보과) ;
  • 이재승 (숭실대학교 컴퓨터학과) ;
  • 전문석 (숭실대학교 컴퓨터학과)
  • Received : 2015.01.16
  • Accepted : 2015.03.20
  • Published : 2015.03.28

Abstract

Recently computer, smart phone, medical devices, etc has become used in a variety of environments as the application fields of IT products have become diversification. Attack case of abuse of software security vulnerabilities is on the increase as the application fields of software have become diversification. Accordingly, secure coding program is of a varied but history management, updating, API module to be vulnerable to attack. Thus, this paper proposed a materialization of CMS linked system to enable check the vulnerability of the source code to content unit for secure software development, configuration management system that interwork on the transmission module. Implemented an efficient coding system secure way that departmentalized by the function of the program and by analyzing and applying secure coding standards.

Keywords

Software vulnerability;Secure-Coding;Convergence E-Government Service;E-Government Standard Framework;Hybrid Analysis;OWASP

Acknowledgement

Grant : The analysis technology of a vulnerability on an open-source software, and the development of Platform

Supported by : MSIP/IITP

References

  1. Small and Medium Business Administration, "Secure-Coding Check System", 2014.
  2. Jaeseung Lee, Hyungjoo Kim, Wongyu Choi, Moonseog Jun, "Secure coding configuration management system for secure application development", KAIS, 2014.
  3. Jaeseung Lee, Wongyu Choi, Sunghwan Kim, Moonseog Jun, "Secure coding system for the development of safe application design methodology", KAIS, 2014.
  4. Wongyu Choi, Jaeseung Lee, Junho Kim, Moonseog Jun, "Secure coding according to the mandate due to improved efficiency and reliability of the software development impact", KAIS, 2014.
  5. Jaehyun Kim, Yangsun Lee, "A study on Optimization Method for the Rule Checker in the Secure Coding", International Journal of Security and Its Applications Vol.8, No.1, pp.333-342, 2014. https://doi.org/10.14257/ijsia.2014.8.1.31
  6. Soo-Kyung Choi, Tae-Jun Hwang, Young B. Park, "2011 CWE/SANS Top 25 Dangerous Software Errors-based Vulnerability analysis and Secure Coding of the Hadoop's MapReduce Framework", Korea Computer Congress, 2013.
  7. Yunsik Son, Seman Oh, "A study on structured weakness classification for mobile application", Journal of korea multimedia society Vol. 15, No. 11, 2012.
  8. Jungsook Kim, "Secure Coding for Software Security", The korea contents association Vol. 11, No, 4. 2013.
  9. Ministry of Security and Public Administration, "Software Development Guide", 2012.
  10. Ministry of Security and Public Administration, "Software Security Vulnerability Check Guide", 2012.
  11. Ministry of Security and Public Administration, "Android Secure-Coding Guide", 2011.
  12. Ministry of Security and Public Administration, "JAva Secure-Coding Guide", 2012.
  13. Ministry of Security and Public Administration, "C Secure-Coding Guide", 2012.
  14. Bob Martin, Mason Brown, Alan Paller, Dennis Kirby, "2011 CWE/SANS Top 25 Most Dangerous Software Errors", 2011.
  15. OWASP, "The Open Web Application Security Project Top 10", 2013.10